Firewall Reporter
Alex Le Fevre
Regardless of whether you're a professional firewall administrator watching
over a network of machines or simply a home enthusiast who's concerned
about security, your best bet for making sure that your firewall is working is
to look at the log files it generates. These often detailed records contain
all the pieces necessary to tell whether intruders are attempting to break
into your system. They can also let you know if you've put in rules that are
causing unnecessary network blockage, or if something else is wrong with your
network's operation.
The problem is that these logs are often much too detailed. Red flags get buried under piles of records of successful, legitimate connections, meaning that you could miss the signs of a potential problem. Further compounding the problem is the dearth of software available to analyze and report on these log files.
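As an added illustration of the two kinds of signal described above, probes from a single source and a rule that keeps blocking the same traffic, and of how they get buried among accepted connections, here is a small Python summarizer. It is not code from the original article or from Fwreport itself, and the sample log it reads is constructed in an assumed, simplified layout (date, time, action, protocol, source, destination, service, rule number), not the real FW-1 export format; the thresholds and the field names are likewise assumptions chosen for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log in an ASSUMED simplified layout:
#   date time action proto src dst service rule
# This is not the real FW-1 log format. The last line is deliberately
# malformed so the parser's handling of junk lines is exercised.
SAMPLE_LOG = """\
12Jan2001 10:00:00 accept tcp 192.168.1.20 192.168.1.10 80 3
12Jan2001 10:00:01 accept tcp 192.168.1.21 192.168.1.10 25 3
12Jan2001 10:00:05 accept udp 192.168.1.20 192.168.1.1 53 4
12Jan2001 10:00:09 accept tcp 192.168.1.22 192.168.1.10 80 3
12Jan2001 10:01:02 drop tcp 10.0.0.5 192.168.1.10 21 7
12Jan2001 10:01:02 drop tcp 10.0.0.5 192.168.1.10 23 7
12Jan2001 10:01:03 drop tcp 10.0.0.5 192.168.1.10 25 7
12Jan2001 10:01:03 drop tcp 10.0.0.5 192.168.1.10 110 7
12Jan2001 10:01:04 drop tcp 10.0.0.5 192.168.1.10 139 7
12Jan2001 10:01:04 drop tcp 10.0.0.5 192.168.1.10 443 7
12Jan2001 10:02:10 drop tcp 172.16.3.9 192.168.1.10 80 12
12Jan2001 10:02:11 drop tcp 172.16.3.9 192.168.1.10 80 12
12Jan2001 10:02:15 drop tcp 172.16.3.9 192.168.1.10 80 12
12Jan2001 10:03:00 reject tcp 192.168.1.23 192.168.1.10 22 9
this line is garbage and should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<date>\S+)\s+(?P<time>\S+)\s+(?P<action>accept|drop|reject)\s+"
    r"(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<service>\S+)\s+"
    r"(?P<rule>\d+)\s*$"
)


def parse_log(text):
    """Yield one dict per well-formed line; malformed lines are skipped, not fatal."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def summarize(records, scan_threshold=5, retry_threshold=3):
    """Aggregate records into the counts an administrator would want first.

    Two heuristics (assumed here, not from the article) surface the signals
    that get buried in a raw log:
      * a source whose blocked connections touch >= scan_threshold distinct
        services looks like a port probe;
      * a single src/dst/service flow blocked >= retry_threshold times by the
        same rule is worth a look, since it may be legitimate traffic hitting
        an over-restrictive rule (or a persistent attacker; a human decides).
    """
    by_action = Counter()
    blocks_by_rule = Counter()
    services_by_src = defaultdict(set)
    flow_hits = Counter()
    parsed = 0
    for r in records:
        parsed += 1
        by_action[r["action"]] += 1
        if r["action"] in ("drop", "reject"):
            blocks_by_rule[r["rule"]] += 1
            services_by_src[r["src"]].add(r["service"])
            flow_hits[(r["src"], r["dst"], r["service"], r["rule"])] += 1
    scanners = sorted(
        src for src, svcs in services_by_src.items() if len(svcs) >= scan_threshold
    )
    repeated_rules = sorted(
        {rule for (_, _, _, rule), n in flow_hits.items() if n >= retry_threshold}
    )
    return {
        "parsed": parsed,
        "by_action": by_action,
        "blocks_by_rule": blocks_by_rule,
        "suspected_scanners": scanners,
        "repeated_block_rules": repeated_rules,
    }


def render_report(summary):
    """Plain-text report, the kind of thing management asks for."""
    lines = [f"Records parsed: {summary['parsed']}"]
    for action, n in sorted(summary["by_action"].items()):
        lines.append(f"  {action:7s} {n}")
    lines.append("Blocked connections per rule:")
    for rule, n in summary["blocks_by_rule"].most_common():
        lines.append(f"  rule {rule}: {n}")
    lines.append(f"Suspected probes from: {', '.join(summary['suspected_scanners']) or 'none'}")
    lines.append(
        "Rules repeatedly blocking one flow (check for over-blocking): "
        f"{', '.join(summary['repeated_block_rules']) or 'none'}"
    )
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_report(summarize(parse_log(SAMPLE_LOG))))
```

Run against the constructed sample, the report shows four accepts drowning out nothing, but in a real day's log the ratio is reversed; the point of the two heuristics is that the six drops from 10.0.0.5 and the three identical drops by rule 12 are pulled out as named findings rather than left for the reader to spot among thousands of accepted connections.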
I was alerted to this problem several months ago by a co-worker, George Johnson,
who was complaining to me one day that his management wanted reports on firewall
activity and that he had no way to give them such reports without creating reporting
software himself. As an aspiring programmer looking to expand my C/C++ skills,
I told him I'd take a stab at writing such a reporting program; he provided
me with some sample log files from CheckPoint Software's FW-1 package and
gave me an idea of what might be required. I wrote the program this article
describes, Fwreport. See Listing 1.
My aim in creating this program was to make a tool that would allow network administrators running FW-1 not only to generate reports on demand, but also to receive automatic notification of potential problems on their network. (Currently, Fwreport only supports FW-1; administrators interested in using it for other packages are encouraged to send me sample log files so that I can expand its capabilities.)